performance issue, was Re: ICP proxy for Firewall

From: <tgraff@dont-contact.us>
Date: Wed, 22 Oct 1997 11:12:39 +0200

>>I am looking for an ICP proxy for our Firewall. We're using the Tis
>>Gauntlet software here, which is the full version of the Tis Firewall
>>toolkit. This may be not the right forum for Firewall issues, but I've
seen
>>form the recent messages to this list, a lot of people using their Squid
>>cache servers along with Firewalls, especially the tis toolkit.
>.. deleted ...
>
>This might be very useful but TIS told us UDP is not something they want
to
>support. It is possible to set up a "UDP-tunnel" though the FW "but people
 who

...

>
>A few solutions (I think)
>
>1) make it your self (mmmm)
>2) Use proxy-autoconfig from an internal www-server and list all
> internal/external servers in your domain (off-site per default via
proxy)
>3) Create separate domains for internal/external (mmm)
>4) Have an internal proxy which takes care of the "routing"

>>I've first tried to place the cache server outside the Firewall on our
>>external LAN segment, using the http-gw handoff option, which works fine,

>Non related question: Do you see any performance issues when the cache is
>outside the FW. For example does a fully cached page still get downloaded
full
>speed or does the FW slow it down?

Well, I hadn't the chance to test this under full load, but my impression
is
Yes, the FW is slowing it down a bit. But that'll be hardly noyicable for
our
users, as we already using the FW gateway for every outgoing http request.
My
point of view is the reverse: will the cache and it's parents slow down the
download of pages which are not cached? Especially,as I tend now to go for
solution 4) and bring in another proxy to be passed.

Thanks a lot,
     Thomas

---
European Space Operations Centre
phone: (+49)-6151-90-2996
FAX: (+49)-6151-90-3503
Email: tgraff@esoc.esa.de
Received on Wed Oct 22 1997 - 02:16:13 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:37:19 MST